The MAILING DATE of this communication appears on the cover sheet with the correspondence address.
EXAMINER'S AMENDMENT

1. A response was received on 02 December 2009. By this response, Claims 1-7,
9-11, 15-18, and 35 have been amended. No claims have been added or canceled.
Claims 19-33 were previously withdrawn from further consideration as drawn to a 
nonelected invention. Claims 1-11, 15-18, 34, and 35 are currently under consideration 
in the present application. 

2. An examiner's amendment to the record appears below. Should the changes 
and/or additions be unacceptable to applicant, an amendment may be filed as provided 
by 37 CFR 1.312. To ensure consideration of such an amendment, it MUST be
submitted no later than the payment of the issue fee. 

Authorization for this examiner's amendment was given in a telephone interview 
with Royal Craig on 05 March 2010. 

3. The application has been amended as follows: 

IN THE CLAIMS: 

Please CANCEL Claims 19-33. 

Please REPLACE Claims 1, 3-7, 10, 11, 15, 16, 18, and 35 with the following amended 
claims: 
1. A method of providing a Certificate Status Service ("CSS") for checking validities
of certificates issued by respective issuing Certification Authorities ("CAs"), comprising 
the steps of: 

receiving [[one or more certificate]] status queries for one or more certificates from
requesting entities; 

if the issuing CAs are not found on a CSS's list of approved CAs or the 
certificates have expired, returning invalid statuses for those certificates; 

if current certificate statuses are found in a CSS cache memory, returning [[those]] the
found certificates' statuses;

if any certificate statuses have not yet been determined, fetching, from a CSS 
configuration store, all certificate status reporting methods and communications 
information that are needed for retrieving, from the respective issuing CAs, a certificate 
status of each certificate whose status has not yet been determined; 

configuring connectors based on the identified information for communicating 
with the issuing CAs; 

communicating with the issuing CAs according to the configured connectors; 

retrieving the certificate statuses of all queried certificates; 

processing the certificate statuses according to [[the appropriate]] certificate status
reporting methods implemented by the CSS including [[that may include]], but [[is]] not
limited to, a real-time certificate status retrieval protocol including LDAP, OCSP, and
any other certificate status retrieval protocol for retrieving certificate statuses in real-
time, and one of Certificate Revocation Lists (CRLs) that are retrieved at specified
publication intervals and Delta Certificate Revocation Lists (ΔCRLs) that are retrieved
upon notification[[, and LDAP, OCSP, and any other certificate status means that retrieve
certificate statuses in real time]];

recording retrieved certificate statuses in the CSS cache memory; and 
returning the retrieved certificate statuses to the requesting entities; 
wherein the issuing CAs and connector parameters, which enable the CSS to 
interwork with any CAs and CA domains even though the CSS and issuing CAs may 
operate using dissimilar certificate practices and policies, are designated on a list of 
approved CAs in the CSS configuration store. 

3. The method of claim 2, wherein the issuing CA is added to at least one 
organization's list of approved CAs by vetting and approving the issuing CA according 
to predetermined business rules, wherein the business rules include at least one rule for 
reviewing the acceptability of the CA's certificate policy and practices for [[insuring]]
ensuring the identity of the entity requesting the certificate, and if the issuing CA is
vetted and not approved or later disapproved, the issuing CA is added to the at least 
one organization's list of not-approved CAs in the CSS configuration store and/or has 
any prior entry removed from the at least one organization's list of approved CAs. 

4. The method of claim 3, wherein vetting and approving the issuing CA include 
registering a representation of a trusted certificate of the CA with the CSS and adding, 
to the CSS configuration store, at least the certificate status reporting component of the 
CA[[;]], the certificate status reporting [[method]] component including, but not limited to
CRL, OCSP, or LDAP[[,]]; a time-to-live data element; and communication information 
needed to configure a connector. 

5. The method of claim 4, further comprising the steps of: 

checking and updating the CSS cache memory for the queried certificate status, 
and if the queried certificate status is found in the CSS cache memory, checking that 
the local date and time are within the certificate's validity period and that the time-to-live 
data element and use-counter values are within a threshold; 

if any of the validity period, time-to-live data element, or use-counter values are 
unacceptable, clearing the CSS cache memory, wherein if the queried certificate status 
is not found in the CSS cache memory, the CSS establishes a communication session 
with the certificate status reporting component of the issuing CA, composes a certificate 
status request using one of the CRL or real-time reporting methods according to the 
configured connector, retrieves the queried certificate status from the certificate status 
reporting component, closes the communication session with the certificate status 
reporting component, and adds at least one of the [[certificate's]] certificate identification,
certificate's status, use-counter, and time-to-live data element to the CSS cache 
memory. 

6. The method of claim 1 , wherein if the certificate status reporting method is 
indicated to be a Certificate Revocation List, then, according to a publication schedule 
of the issuing CA, [[wherein]] the CSS retrieves the CRL from a certificate status reporting
component listed in the CSS configuration store, the CSS clears the CSS cache 
memory associated with the issuing CA, and the CSS extracts the certificate statuses of 
all certificates from the CRL and stores the extracted certificate statuses in the CSS 
cache memory associated with the issuing CA. 

7. The method of claim 1 , wherein if the certificate status reporting method is 
indicated to be a ΔCRL, [[wherein]] then upon notification by the issuing CA that the ΔCRL
is available, the CSS retrieves the ΔCRL from a certificate status reporting component
listed in the CSS configuration store and if the ΔCRL is a full CRL, then the CSS clears
the CSS cache memory associated with the issuing CA, extracts all certificate statuses
from the CRL, and stores the extracted certificate statuses in the CSS cache memory,
and if the ΔCRL contains changes occurring after publication of a full CRL, the CSS
extracts all certificate statuses from the ΔCRL, and stores the extracted certificate
statuses in the CSS cache memory.

10. The method of claim 1 , wherein [[the]] certificates are held in the CSS 
configuration store until expiration and information is extracted as needed. 



11. (Currently Amended) The method of claim 1, [[wherein the]] further comprising
retrieving [[of the]] statuses of the certificates issued by the approved CAs in response to
queries from a trusted third-party repository of information objects to the CSS to validate
the certificate statuses, further comprising [[comprises]] the steps of:

locating and reporting the requested certificate statuses if the certificate statuses 
are present and current in the CSS cache memory; 

if the certificate statuses are not present in the CSS cache memory, performing 
the steps of: 

obtaining the communications information, certificate status types, and 
retrieval methods from the CSS configuration store; 

if the certificate status type is CRL, and the CRL in the CSS cache 
memory is current, and the certificate statuses are not found in the CSS cache memory, 
then reporting the certificate statuses as valid; and 

if the certificate status type is CRL, the CRL is not current or found in the 
CSS cache memory, and local time is greater than a next scheduled publication time for 
the CRL, or if the certificate status type is not CRL, 

creating connectors and composing certificate status requests 
according to the respective certificate status type; 

establishing communication sessions with the certificate status 
reporting components of the issuing CAs; 

retrieving the certificate statuses from the certificate status 
reporting components using the obtained retrieval methods and ending the 
communication sessions; 

interpreting the retrieved certificate statuses; 
associating, with the interpreted retrieved certificate statuses, time-
to-live values representing periods specified by the respective CSS [[policy]] policies for
the certificate status types; 

adding at least one of the [[certificate's]] certificate identification, the
interpreted retrieved certificate status and time-to-live values to the CSS cache memory; 
and 

reporting the interpreted retrieved certificate statuses to the trusted 
third-party repository of information objects. 

15. The method of claim 1, [[for providing certificate status reports for certificates
issued by the approved CAs]] further comprising:

reporting valid certificate statuses when the certificate status type is CRL, the 
CRL is current, and the certificate statuses are not found in the CSS cache memory; 

reporting the certificate statuses when the certificate statuses are found in the 
CSS cache memory and the time-to-live and use-counter values have not exceeded 
respective thresholds; otherwise, 

if either the time-to-live or use-counter values have exceeded respective 
thresholds, clearing the certificate statuses from the CSS cache memory;

if the certificate statuses have not been reported in a previous step, then 
requesting and retrieving the certificate statuses using the certificate status type 
reporting method indicated in the CSS configuration store; 
when the status type is CRL, retrieving and parsing the new CRL at a next
indicated publication time; 

when the certificate status type is at least one of the type LDAP, OCSP, and any
other real-time certificate status reporting protocol, retrieving and parsing the certificate 
status; 

adding at least one of the [[certificate's]] certificate identification, certificate status,
time-to-live and use-counter values to the CSS cache memory; and 

reporting the retrieved certificate statuses to the requesting entity. 

16. The method of claim 15, wherein a certificate status use-counter data element is
added to the CSS's certificate status cache, wherein the certificate status use-counter 
data element is incremented or decremented every time the certificate's status is 
checked, and if the certificate status use-counter value exceeds a respective threshold, 
then the certificate status is reported and the CSS cache memory is cleared with 
respect to the certificate status. 

18. The method of claim 17, wherein when a request is made to the CSS to retrieve 
a certificate status of a new certificate and the CSS cache memory has reached an 
allocated memory size limit, the CSS searches the CSS cache memory for every 
certificate status entry where the current time exceeds the time-to-live value for every 
certificate status entry where the value of the use-counter data element exceeds the 
threshold and the value of the at least one certificate status entry with the oldest last- 
accessed value, wherein the CSS then clears the respective CSS cache memory
entries, retrieves the requested certificate status, places the retrieved certificate status
in the CSS cache memory, and reports the [[requested]] retrieved certificate status to the
requesting entity. 
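The cache controls claimed in Claims 15, 16 and 18 above (validity, time-to-live and use-counter checks on a hit, and the eviction order when the cache is full), as an added illustrative Python model that is not part of the application or of the examiner's amendment; the class and field names, thresholds and sample values are constructed.

```python
# Added example (not from the application or the examiner's amendment): a toy model
# of the claimed CSS cache controls, i.e. the TTL and use-counter checks on a hit and
# the eviction order of claim 18. Names, thresholds and sample values are constructed.
from dataclasses import dataclass, field


@dataclass
class Entry:
    status: str            # "good" or "revoked", as retrieved from the issuing CA
    not_after: float       # end of the certificate's validity period (epoch seconds)
    ttl_deadline: float    # time-to-live expiry assigned from CSS policy
    use_count: int = 0     # incremented on every status check (claim 16)
    last_accessed: float = 0.0


@dataclass
class CssCache:
    size_limit: int
    use_threshold: int
    entries: dict = field(default_factory=dict)

    def lookup(self, cert_id, now):
        """Return a cached status, or None when the CSS must re-fetch it.
        A hit is reported only while the validity period and the TTL are
        current; an entry whose use-counter passes the threshold is reported
        one last time and then cleared, as in claim 16."""
        e = self.entries.get(cert_id)
        if e is None:
            return None
        if now > e.not_after or now > e.ttl_deadline:
            del self.entries[cert_id]      # stale: force a fresh retrieval
            return None
        e.use_count += 1
        e.last_accessed = now
        if e.use_count > self.use_threshold:
            del self.entries[cert_id]
        return e.status

    def insert(self, cert_id, entry, now):
        """Store a retrieved status; when the cache is full, first drop entries
        with an expired TTL or an exceeded use-counter, else the least recently
        accessed one (the order claim 18 describes)."""
        if cert_id not in self.entries and len(self.entries) >= self.size_limit:
            stale = [k for k, v in self.entries.items()
                     if now > v.ttl_deadline or v.use_count > self.use_threshold]
            if not stale:
                stale = [min(self.entries, key=lambda k: self.entries[k].last_accessed)]
            for k in stale:
                del self.entries[k]
        self.entries[cert_id] = entry
```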

35. The method of claim 1, wherein [[any]] the CSS can query [[any other]] a second
CSS for the certificate status if that [[other]] the second CSS is designated in the CSS
configuration store as an approved certificate status reporting component for the issuing 
CA. 
Allowable Subject Matter

4. Claims 1-11, 15-18, 34, and 35 are allowed. 

5. This application is in condition for allowance except for the presence of claims 
19-33 directed to an invention non-elected without traverse. Accordingly, claims 19-33 
have been cancelled, as noted above. 

6. The following is an examiner's statement of reasons for allowance: 
Independent Claim 1 is directed to a method that provides a certificate status
service that includes receiving queries for the status of one or more certificates;
returning an invalid status for certificates having an issuing CA that is not found on a list 
of approved CAs; returning current certificate statuses if those are found in a cache 
memory; and, if certificate statuses need to be determined, fetching, from a 
configuration store, status reporting methods and communication information needed 
for retrieving certificate status from the respective issuing CA; configuring connectors 
and communicating with the CA based on the communication information; retrieving and 
processing the certificate statuses of the queried certificates, where the CSS includes 
both real time certificate status retrieval protocols and CRL or delta CRL protocols; 
caching the retrieved statuses; and returning the retrieved statuses to the requesting 
entities. The closest cited prior art, Koehler and Barrett, generally disclose a similar 
method of caching retrieved certificate statuses that includes checking an issuing CA 
against a list of approved CAs, providing certificate status if it is found in the cache, and 
if status is not found in the cache, fetching information needed for retrieving the status 

Application/Control Number: 10/620,817 Page 12
Art Unit: 2437

from a respective issuing CA, configuring connectors and communicating with the 
issuing CA, retrieving and processing certificate status according to a CRL, caching the 
retrieved status, and returning the retrieved status to the requesting entities. Additional 
cited prior art discloses caching certificate statuses retrieved and processed according 
to real-time certificate status retrieval protocols. However, none of the cited art, alone 
or in combination, teaches or suggests the use of both a real-time certificate status 
retrieval protocol and the use of CRLs in an interoperating manner as claimed, in 
combination with the other cited limitations. In general, the cited prior art that discusses 
both CRLs and real-time protocols only discloses them as alternatives and does not 
appear to disclose the two types of protocols in use together in an interoperating 
manner as claimed. 

Any comments considered necessary by applicant must be submitted no later 
than the payment of the issue fee and, to avoid processing delays, should preferably 
accompany the issue fee. Such submissions should be clearly labeled "Comments on 
Statement of Reasons for Allowance." 

Conclusion 

Any inquiry concerning this communication or earlier communications from the 
examiner should be directed to Zachary A. Davis whose telephone number is (571) 272-3870.
The examiner can normally be reached on weekdays 9:30-6:00.
If attempts to reach the examiner by telephone are unsuccessful, the examiner's
supervisor, Emmanuel Moise, can be reached on (571) 272-3865. The fax phone
number for the organization where this application or proceeding is assigned is 571-273-8300.

Information regarding the status of an application may be obtained from the 
Patent Application Information Retrieval (PAIR) system. Status information for 
published applications may be obtained from either Private PAIR or Public PAIR. 
Status information for unpublished applications is available through Private PAIR only. 
For more information about the PAIR system, see http://pair-direct.uspto.gov. Should 
you have questions on access to the Private PAIR system, contact the Electronic 
Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a 
USPTO Customer Service Representative or access to the automated information 
system, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000. 

/Zachary A Davis/ 

Primary Examiner, Art Unit 2437 



